1. 首页
  2. 问答
  3. 动态SQL查询

动态SQL查询

2009-09-18 142 views
0

这是我的查询......但它返回不久的“+”动态SQL查询

DECLARE @refKlinik_id INT 
SET @refKlinik_id = 24 

DECLARE @kriter VARCHAR(50) 

IF @refKlinik_id <=0 
BEGIN 
    SET @kriter = '' 
END 
ELSE 
    SET @Kriter = 'AND H.refKlinik_id =' + @refKlinik_id 

SELECT  H.adi + ' ' + H.soyadi AS Hasta, H.tcKimlikNo, CONVERT(varchar, H.dogumTarihi, 103) AS DogumTarihi, K.kisaAdi AS Klinik, A.acikAdres + A.ilce + A.il AS Adres, 
          A.tel1, A.gsm, CASE H.hastaKartiVar WHEN 1 THEN 'Hasta Kartı Sahibi' WHEN 0 THEN 'Hasta Kartı Yok' WHEN NULL 
         THEN 'Hasta Kartı Yok' END AS HastaKartiDurumu 
FROM   Hastalar AS H INNER JOIN 
         Klinikler AS K ON K.klinik_id = H.refKlinik_id INNER JOIN 
         Adresler AS A ON A.refHasta_id = H.hasta_id 
WHERE  (K.refKlinikGrup_id = 1) AND (H.durumu = 1) + @kriter + AND (A.aktif = 1) 
ORDER BY H.adi

来源

2009-09-18 cagin

回答

2

你没有正确使用动态sql - 你必须将查询连接到一个varchar/nvarchar变量,然后执行它。

例如

DECLARE @MyParam INTEGER 
SET @MyParam = 1 

DECLARE @nSQL NVARCHAR(1000) 
SET @nSQL = 'SELECT * FROM SomeTable WHERE SomeField = @MyParam' 
EXECUTE sp_executesql @nSQL, N'@MyParam INTEGER', @MyParam

小心使用动态SQL,这种做法我所示例优于只是串接@MyParam直接到字符串,因为它有助于防止SQL注入。

在你的情况,你实际上并不需要使用动态SQL,你可以这样做:

DECLARE @refKlinik_id INT 
SET @refKlinik_id = 24 

SELECT  H.adi + ' ' + H.soyadi AS Hasta, H.tcKimlikNo, CONVERT(varchar, H.dogumTarihi, 103) AS DogumTarihi, K.kisaAdi AS Klinik, A.acikAdres + A.ilce + A.il AS Adres, 
          A.tel1, A.gsm, CASE H.hastaKartiVar WHEN 1 THEN 'Hasta Kartı Sahibi' WHEN 0 THEN 'Hasta Kartı Yok' WHEN NULL 
         THEN 'Hasta Kartı Yok' END AS HastaKartiDurumu 
FROM   Hastalar AS H INNER JOIN 
         Klinikler AS K ON K.klinik_id = H.refKlinik_id INNER JOIN 
         Adresler AS A ON A.refHasta_id = H.hasta_id 
WHERE  (K.refKlinikGrup_id = 1) AND (H.durumu = 1) AND (@refKlinik_id<=0 OR H.refKlinik_id = @refKlinik_id) AND (A.aktif = 1) 
ORDER BY H.adi

来源

2009-09-18 07:34:05 AdaTheDev

+0

+1推荐sp_executesql! – Brannon 2009-09-18 07:56:58

0

不正确的语法不能@kriter连接成这样的where子句的其余部分 - 它是评估它作为一个字符串,而不是一段SQL。你必须把整个事情放在一个字符串变量中,然后使用Exec

来源

2009-09-18 07:28:00 MartW

0

这应该工作:

DECLARE @refKlinik_id INT 
declare @query varchar(1000) 
SET @refKlinik_id = 24 

DECLARE @kriter VARCHAR(50) 

IF @refKlinik_id <=0 
BEGIN 
    SET @kriter = '' 
END 
ELSE 
    SET @Kriter = 'AND H.refKlinik_id =' + cast(@refKlinik_id as varchar(10)) 

set @query='SELECT  H.adi + '' '' + H.soyadi AS Hasta, H.tcKimlikNo, CONVERT(varchar, H.dogumTarihi, 103) AS DogumTarihi, K.kisaAdi AS Klinik, A.acikAdres + A.ilce + A.il AS Adres, 
          A.tel1, A.gsm, CASE H.hastaKartiVar WHEN 1 THEN ''Hasta Kartı Sahibi'' WHEN 0 THEN ''Hasta Kartı Yok'' WHEN NULL 
         THEN ''Hasta Kartı Yok'' END AS HastaKartiDurumu 
FROM   Hastalar AS H INNER JOIN 
         Klinikler AS K ON K.klinik_id = H.refKlinik_id INNER JOIN 
         Adresler AS A ON A.refHasta_id = H.hasta_id 
WHERE  (K.refKlinikGrup_id = 1) AND (H.durumu = 1)' + @kriter + 'AND (A.aktif = 1) 
ORDER BY H.adi' 
exec(@query)

来源

2009-09-18 07:38:29

0

可能我建议输入的一个字符之前您熟悉以下“基本阅读”的动态SQL。

The Curse and Blessings of Dynamic SQL

然后,如果你有关于内容有任何疑问只是让我知道。

来源

2009-09-18 07:59:13

相关问题

 相关问题